Attackers have posted a malicious Jpeg image file to Internet newsgroups that distribute pornography. The infected Jpeg file attempts to exploit a critical vulnerability Microsoft announced and issued a patch for on Sept. 14, in its MS04-028 security bulletin.

According to postings on the Internet security mailing list Bugtraq and Easynews Web portal, the infected Jpeg file was posted Monday. Users who download the file could allow attackers to take complete control of their systems.

Internet security information group Internet Storm Center issued an advisory saying the malicious file appears to have been developed using one of the many published "exploit kits" that are designed to make it easier to attack the MS04-028 vulnerability.

The center tested the attack-image file on unpatched Windows 2000 and XP SP1 systems running Internet Explorer. It said that while the malicious file managed only to crash Internet Explorer, better attacks are likely on the way. "We suspect that a working exploit is very close to widespread availability," wrote the center's Joshua Wright in the advisory.

Most popular antivirus apps can detect and protect against this attack, and Microsoft is urging users to update their systems with the patch included in its MS04-028 security bulletin.

Welcome to
TechWeb, the IT professional's online resource for news coverage of the
information technology industry. We know technology news. Our mobile
and wireless news coverage moves as fast as wireless technology itself.
We follow all the devices you depend on to stay connected. Our software
coverage follows the multi-faceted software industry from every angle.
We've got a lock on network security and computer security issues.
We're all over the business of the Web--the Internet business--and the
engines that run it. We have our eyes and ears tuned to the players who
make and run the tools that tie us all together--Google, Microsoft,
eBay, Cisco, Yahoo, Oracle, Apple, Sony--and scores of others. And we
keep close tabs on the backbone of information technology, PC hardware.
We know PCs and Apple computers inside and out. We cover computer
technology, computer news, software news, search engine news, business
software, operating systems, and software development. Our coverage of
tech news includes a strong focus on the security business, its
attendant spyware and viruses, how security relates to wireless
technology and business networking and the security issues surrounding
RFID technology. We closely follow developments in Internet news and
Internet technology, including the spread of broadband and its effect
on Web browsers and the Web business. We watch the VoIP business, and
how VoIP technology is affecting the state of telephony in the
enterprise. And if all that isn't enough, we also track developments in
the IT industry that affect IT jobs, IT careers, and outsourcing.